netsupport | 8fec0d4a1db431baf98dcb64b2599e2ab0333a4ed0ae82fd944236f96c574e08 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

8fec0d4a1db431baf98dcb64b2599e2ab0333a4ed0ae82fd944236f96c574e08
Size

291KB
Sample

220912-nczjvaghcq
MD5

1e982a3efe0bf51fc997cc3a08ebab34
SHA1

deb3a2ca2bf4a032f2df55f5117d6f774dad2030
SHA256

8fec0d4a1db431baf98dcb64b2599e2ab0333a4ed0ae82fd944236f96c574e08
SHA512

68e89eba604c225c97570a23c976c55821bb709167b57ffb3377f313b4fdd1feda9919ed943c2d9e61524dd6e5ddf84791d7075040e1eeca744d696f1688ee5b
SSDEEP

6144:H9PQU6275aiZRn9o5xbXsq6wbZdW+Ht/R/oS7Z1tq:HuglaiH65xbXsq6wDpVR/n7Z

Score

10^/10

netsupport raccoon smokeloader 567d5bff28c2a18132d2f88511f07435 backdoor rat stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

8fec0d4a1db431baf98dcb64b2599e2ab0333a4ed0ae82fd944236f96c574e08.exe

Resource

win10v2004-20220812-en

netsupport raccoon smokeloader 567d5bff28c2a18132d2f88511f07435 backdoor rat stealer trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

567d5bff28c2a18132d2f88511f07435

C2

http://116.203.167.5/

http://195.201.248.58/

rc4.plain

Targets

- Target
  
  8fec0d4a1db431baf98dcb64b2599e2ab0333a4ed0ae82fd944236f96c574e08
- Size
  
  291KB
- MD5
  
  1e982a3efe0bf51fc997cc3a08ebab34
- SHA1
  
  deb3a2ca2bf4a032f2df55f5117d6f774dad2030
- SHA256
  
  8fec0d4a1db431baf98dcb64b2599e2ab0333a4ed0ae82fd944236f96c574e08
- SHA512
  
  68e89eba604c225c97570a23c976c55821bb709167b57ffb3377f313b4fdd1feda9919ed943c2d9e61524dd6e5ddf84791d7075040e1eeca744d696f1688ee5b
- SSDEEP
  
  6144:H9PQU6275aiZRn9o5xbXsq6wbZdW+Ht/R/oS7Z1tq:HuglaiH65xbXsq6wDpVR/n7Z
Score

10^/10

netsupport raccoon smokeloader 567d5bff28c2a18132d2f88511f07435 backdoor rat stealer trojan
- Detects Smokeloader packer
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

netsupportraccoonsmokeloader567d5bff28c2a18132d2f88511f07435backdoorratstealertrojan

© 2018-2024

Terms | Privacy